Jump to content
Larry Ullman's Book Forums

Question about Ex2 website: Converting Rewrite rules from htaccess file into a web.config xml file for Microsoft IIS server

Recommended Posts

Hello administrators,

I would like to request for some help please.

I am Web developer in training at college. Using your book for our e-commerce course.

I am using a Microsoft IIS server to host the ex2 website example. Unfortunately I do not know server version. And don't have someone to contact.

The professor imported  .htaccess file rewrite rules into the Microsoft IIS rewrite module which converted the rules to be used in a Microsoft IIS server in a live environment. The file is now a web.config file in xml markup. The following was the Rewrite rules conversion into the xml document (i can provide the entire xml file code if needed):

		<rule name="Imported Rule 1-1">
			<match url="^shop/sales/?$" ignoreCase="false" />
			<action type="Rewrite" url="sales.php" />
		<rule name="Imported Rule 2-1">
			<match url="^shop/([A-Za-z\+]+)/?$" ignoreCase="false" />
			<action type="Rewrite" url="shop.php?type={R:1}" appendQueryString="false" />
		<rule name="Imported Rule 3">
			<match url="^browse/([A-Za-z\+\-]+)/([A-Za-z\+\-]+)/([0-9]+)$" ignoreCase="false" />			
				<!-- url format browse/type/categoryName/id -->
			<action type="Rewrite" url="browse.php?type={R:1}&amp;category={R:2}&amp;id={R:3}" appendQueryString="false" />
		<rule name="Imported Rule 4" stopProcessing="true">
			<match url="^(checkout\.php|billing\.php|final\.php|admin/(.*))$" ignoreCase="false" />
			<conditions logicalGrouping="MatchAll">
				<add input="{HTTPS}" pattern="off" ignoreCase="false" />
			<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />


I had a question about the "specific products" Rewrite rule regex characters. The whitespace character " \+ "  will not convert appropriately in my live environment for a category GET request from the part of the Rewrite rule below " browse/ ..... /([A-za-z\+\-]+/ ..... "

<match url="^browse/([A-Za-z\+\-]+)/([A-Za-z\+\-]+)/([0-9]+)$" ignoreCase="false" />

url to match: < browse/type/categoryName/id >

When i click on the "View all Dark Roast Products" link or any "View All products" link, whose $category  value has two words with a whitespace in between , I get a runtime error whenever the GET request tries to access that $category from my database. The affected link comes from the list_categories.html view file in the following code:

echo '<ul class="items-list">';

while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { // Fetch each item.
	// Print the item within some HTML:
	echo '<li><h3>' . $row['category'] . ' </h3>
                <p><img alt="' . $row['category'] . '" src="/studentOne/web260/ex2/html/products/' . $row['image'] . '" />' . $row['description'] . '<br />
                <a href="/studentOne/web260/ex2/html/browse/' . $type . '/' . urlencode($row['category']) . '/' . $row['id'] . '"
                   class="h4">View All ' . $row['category'] . ' Products</a></p>


echo '</ul>';


When I click on that <li><h3><p><img><a> View All $category Products</a>  link i receive this error page:


Server Error in '/******/******' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

<!-- Web.Config Configuration File -->

        <customErrors mode="Off"/>

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>

NOTE: The title "Server Error in: ....", at the top of the error page, the actual directory of the server are omitted to ensure I am not releasing any confidential information about the server.

Any suggestions are appreciated.

I thought of substituting the " \+ " with " \s " or " %20 " to translate the whitespace character to the appropriate regex character for a Microsoft IIS server, but I still receive the same runtime error as above, and the browser continues to redirect to the  web.config file.

Thanks for any help you may provide.





Link to comment
Share on other sites

Unfortunately I don't have any experience with IIS rewrite rules. Perhaps this is something your professor could help with? If you're having this problem, certainly other people in the class will be, too. 

Link to comment
Share on other sites

  • 2 weeks later...

Thank you Larry for your response. Good point. One of our classmates found the issue. So it's an issue in our Microsoft IIS v. 7+ remote server. The urlencode( ) method used to print  to the URL the $categories query parameter converts the whitespace character into a + sign, but Microsoft IIS 7+ considers the "+" character in url queries a security risk and so the server removes it and breaks the link to "Dark Roast" category products.

The solution is to add a DoubleEscaping= attribute to the <security></security> xml tag in the web.config file.

Just sharing if anybody else runs into a similar issue.



Link to comment
Share on other sites


  • Create New...